A 10 Config

This document contains the running-configuration output of an ACOS device. It shows the device's IP addresses, its interfaces, and the DDoS protection zones defined for services such as DNS, HTTP, FTP, mail and VPN. It also contains the logging, SNMP, and sFlow settings, including an encrypted API key for the notification template and an SNMP v2c community string.

ACOS_So4TST(config)#show run

ACOS_So4TST(config)#show running-config
!Current configuration: 1942 bytes
!Configuration last updated at 21:52:41 +07 Wed Jun 3 2020
!Configuration last saved at 21:52:44 +07 Wed Jun 3 2020
!64-bit Advanced Core OS (ACOS) version 3.2.5, build 69 (Dec-27-2019,16:52)
!
! Global system settings: multi-config mode, attack logging, device and
! management addressing, DNS resolvers, hostname and timezone.
multi-config enable
!
! Attack and DDoS-attack event logging are switched on here (presumably sent
! to the syslog target set by the "logging host" line further down - TODO confirm).
system attack log
system ddos-attack log
!
! Device address and default gateway on 192.168.200.0/24, separate from the
! management interface below.
ip address 192.168.200.50 255.255.255.0
!
ip default-gateway 192.168.200.200
!
ip dns primary 10.0.0.2
!
ip dns secondary 10.0.0.1
!
hostname ACOS_So4TST
!
timezone Asia/Bangkok
!
! Management interface on 10.0.13.0/24. The syslog, sFlow and notification
! targets in this configuration (all 10.0.13.7) are reached with use-mgmt-port.
! NOTE(review): no management-access restriction is visible in this output -
! confirm that this interface is reachable only from the management network.
interface management
ip address 10.0.13.9 255.255.255.0
ip default-gateway 10.0.13.1
!
! Data interfaces. Ethernet 1-8 form four Out/In pairs (TSLCD, FTTH_VNPT,
! FTTH_FPT, Viettel): each *_Out port is marked "ddos outside" and each *_In
! port "ddos inside". Ethernet 9-16 carry no settings in this output.
interface ethernet 1
name TSLCD_Out
mtu 1440
enable
ddos outside
!
interface ethernet 2
name TSLCD_In
mtu 1440
enable
ddos inside
!
interface ethernet 3
name FTTH_VNPT_Out
enable
ddos outside
!
interface ethernet 4
name FTTH_VNPT_In
enable
ddos inside
!
interface ethernet 5
name FTTH_FPT_Out
! NOTE(review): the next two lines contain terminal pager residue ("--MORE--"
! and a run of "#") from the captured session. The intended command is
! presumably "mtu 1500", as on ethernet 6; strip the residue before reusing
! this text as a configuration.
--MORE--
######## mtu 1500
enable
ddos outside
!
interface ethernet 6
name FTTH_FPT_In
mtu 1500
enable
ddos inside
!
interface ethernet 7
name Viettel_Out
enable
ddos outside
!
interface ethernet 8
name Viettel_In
enable
ddos inside
!
! Ethernet 9-16: no name, no "enable" and no ddos role are shown for these ports.
interface ethernet 9
!
interface ethernet 10
!
interface ethernet 11
!
interface ethernet 12
!
interface ethernet 13
!
interface ethernet 14
!
interface ethernet 15
!
interface ethernet 16
!
!
! Rate-limit profiles (glid), all measured per 1-second rate unit.
! Only 10k_Rate_limit sets an explicit over-limit-action; the bit-rate profiles
! below show none, so they rely on the default over-limit behaviour (not
! visible here - TODO confirm).
! NOTE(review): within this configuration only HTTP_LIMIT_80 and 10k_Rate_limit
! are referenced by a zone (HTTP_Server). The DNS, ICMP, SSL and TCP_OTHER
! profiles are defined but not applied anywhere in the visible output.
glid 10k_Rate_limit
rate-unit 1sec
conn-limit 5000
pkt-rate-limit 10000
over-limit-action drop
!
glid DNS_TCP_LIMIT_53
rate-unit 1sec
bit-rate-limit 25000
!
glid DNS_UDP_LIMIT_53
rate-unit 1sec
bit-rate-limit 25000
!
glid HTTP_LIMIT_80
rate-unit 1sec
bit-rate-limit 25000
!
glid ICMP_LIMIT-V4
rate-unit 1sec
bit-rate-limit 100000
!
glid SSL_L4_LIMIT_443
rate-unit 1sec
bit-rate-limit 25000
!
glid TCP_OTHER_LIMIT
rate-unit 1sec
bit-rate-limit 25000
!
! Global DDoS switches, the logging zone-template, and the action lists that
! the HTTP templates refer to.
! NOTE(review): "disable-on-reboot" suggests protection does not come back up
! automatically after a restart - confirm this is intended and that
! re-enabling protection is part of the reboot procedure.
ddos protection enable
ddos protection disable-on-reboot
!
! Detection is switched off on this device (TODO confirm whether detection is
! performed by another system).
ddos detection disable
!
! Logging template with no settings shown; every dst zone in this
! configuration binds it.
ddos zone-template logging A10_LOGGING_Basic
!
ddos action-list Drop
action drop
!
! Blacklists the offending source. The unit of the value 5 is not shown here
! (presumably minutes - TODO confirm).
ddos action-list Blacklist
action blacklist-src 5
!
! Used as the challenge pass-action-list in the HTTP_Inter and HTTP_Advanced
! templates.
ddos action-list Auth_Pass
action authenticate-src
!
! HTTP zone templates in three tiers, each ending with a malformed-HTTP check
! and action-list Drop:
!   HTTP_Basic    - malformed-HTTP check only.
!   HTTP_Inter    - adds an MSS-timeout check (Blacklist) and an http-redirect challenge.
!   HTTP_Advanced - JavaScript challenge plus a slow-read check (Blacklist).
! NOTE(review): in the visible zones HTTP_Basic is bound at level 0 and
! HTTP_Inter at level 1 of HTTP_Server port 80; HTTP_Advanced is not referenced.
ddos zone-template http HTTP_Basic
malformed-http check
action-list Drop
!
ddos zone-template http HTTP_Inter
mss-timeout mss-percent 25 number-packets 5
mss-timeout action-list Blacklist
challenge method http-redirect
challenge pass-action-list Auth_Pass
malformed-http check
action-list Drop
!
ddos zone-template http HTTP_Advanced
mss-timeout mss-percent 25 number-packets 5
mss-timeout action-list Blacklist
challenge method javascript
challenge pass-action-list Auth_Pass
! NOTE(review): the next two lines contain terminal pager residue ("--MORE--"
! and a run of "#"); the intended command is presumably
! "slow-read size 1024 count 5".
--MORE--
######## slow-read size 1024 count 5
slow-read action-list Blacklist
malformed-http check
action-list Drop
!
! TCP template with SYN authentication (send-rst). It is not referenced by any
! zone in the visible output.
ddos template tcp tcpcncrt
concurrent
syn-auth send-rst
!
! Notification template: sends DDoS notifications to an API at 10.0.13.7 over
! the management port, with a 30-unit timeout (unit not shown). The template
! name and URI suggest an A10 aGalaxy instance - TODO confirm.
! NOTE(review): the two lines after "api-key api-key-encrypted" are the stored
! (encrypted) form of the API key, wrapped across lines by the capture. This is
! credential material: redact it before a configuration is shared, and because
! it appears in a published document, rotate the key on the receiving system.
! NOTE(review): no protocol or TLS setting is visible in this stanza - confirm
! that the notification channel is encrypted.
ddos notification-template notify-agalaxy
api
host-ipv4-address 10.0.13.7 use-mgmt-port
timeout 30
relative-uri /agapi/v1/ddos/notification/
authentication
api-key api-key-encrypted
egSEErNlCD1wO6b9x5Tkeq8P2Kr82bZTIPH4D6xhSvSOJcN7R+UuxnKvAOyg6EnCjcjzVGjeRw2Dc8qm23L
scbXHQkAZA1iAPBCMuNXbAOc8EIy41dsA5zwQjLjV2wDn
!
! Makes notify-agalaxy the default notification template.
ddos notification-template-common
default-template notify-agalaxy
!
! Default source and destination entries. The src defaults and the IPv6 dst
! default carry no settings in this output.
ddos src default ip
!
ddos src default ipv6
!
! Default IPv4 destination entry: logging enabled, four l4-type entries.
! For tcp and udp, drop-on-no-port-match is disabled, so traffic to a port with
! no matching entry is presumably not dropped by this entry - TODO confirm that
! this is the intended default for addresses outside the named zones.
ddos dst default ip
log-enable
l4-type icmp
l4-type other
l4-type tcp
drop-on-no-port-match disable
l4-type udp
drop-on-no-port-match disable
!
ddos dst default ipv6
!
! DNS_Server zone: three protected addresses, logging bound to
! A10_LOGGING_Basic, port 53 handled as dns-tcp and dns-udp.
! NOTE(review): operational-mode is "learning" - confirm whether mitigation is
! enforced in this mode or whether the zone is only being baselined.
! NOTE(review): no glid, level or indicator is attached to the port 53 entries,
! so the DNS_TCP_LIMIT_53 / DNS_UDP_LIMIT_53 profiles defined in this
! configuration are not applied here.
! The ip lines publish which public addresses host this service; treat them as
! sensitive when sharing a configuration.
ddos dst zone DNS_Server
operational-mode learning
ip 123.30.75.245
ip 113.163.189.245
ip 183.80.254.90
zone-template logging A10_LOGGING_Basic
log enable
ip-proto tcp
ip-proto udp
ip-proto gre
enable-top-k
ip-proto icmp-v4
enable-top-k
ip-proto icmp-v6
enable-top-k
port 53 dns-tcp
enable-top-k
port 53 dns-udp
enable-top-k
port other tcp
enable-top-k
port other udp
enable-top-k
!
! FTP_Server zone: three protected addresses, FTP data (20) and control (21)
! ports plus catch-all tcp/udp entries.
! NOTE(review): operational-mode is "learning", and no glid, level or indicator
! is attached to any entry - the zone shows only logging and top-k settings.
! Confirm whether that is the intended protection for these addresses.
ddos dst zone FTP_Server
operational-mode learning
ip 123.30.75.242
ip 183.80.254.92
ip 183.80.254.91
zone-template logging A10_LOGGING_Basic
log enable
ip-proto tcp
ip-proto udp
ip-proto gre
enable-top-k
ip-proto icmp-v4
enable-top-k
ip-proto icmp-v6
enable-top-k
ip-proto ipv4-encap
enable-top-k
ip-proto ipv6-encap
enable-top-k
ip-proto other
enable-top-k
port 20 tcp
enable-top-k
port 21 tcp
enable-top-k
port other tcp
enable-top-k
port other udp
enable-top-k
!
! HTTP_Server zone: four protected addresses. This is the only zone in the
! configuration with rate limits (glid) and escalation levels with indicators.
! NOTE(review): operational-mode is "learning" - confirm whether the levels and
! thresholds below are enforced in this mode.
! NOTE(review): there is no port 443 entry, so HTTPS traffic to these addresses
! would fall under "port other tcp", and the SSL_L4_LIMIT_443 profile defined
! in this configuration is not applied.
ddos dst zone HTTP_Server
operational-mode learning
ip 123.30.75.243
ip 113.163.189.243
ip 183.80.254.93
ip 115.75.188.6
zone-template logging A10_LOGGING_Basic
log enable
! Bit-rate profile HTTP_LIMIT_80 is bound at the ip-proto tcp level.
ip-proto tcp
glid HTTP_LIMIT_80
ip-proto udp
ip-proto gre
enable-top-k
ip-proto icmp-v4
enable-top-k
ip-proto icmp-v6
enable-top-k
ip-proto ipv4-encap
enable-top-k
ip-proto ipv6-encap
enable-top-k
ip-proto other
enable-top-k
! Port 80: connection/packet limits from 10k_Rate_limit, then two levels.
! Level 0 binds HTTP_Basic; level 1 binds HTTP_Inter (redirect challenge).
port 80 http
glid 10k_Rate_limit
enable-top-k
level 0
zone-escalation-score 10
src-escalation-score 10
zone-template http HTTP_Basic
indicator concurrent-conns
score 20
src-threshold 10000
indicator conn-miss-rate
score 20
zone-threshold 40000
indicator empty-ack-rate
score 20
zone-threshold 1000
indicator rst-rate
score 20
zone-threshold 1000
indicator syn-rate
score 20
zone-threshold 1000
level 1
zone-escalation-score 10
src-escalation-score 10
zone-template http HTTP_Inter
indicator concurrent-conns
score 20
src-threshold 10000
indicator pkt-drop-ratio
score 20
src-threshold 2000
indicator rst-rate
score 20
zone-threshold 2000
! NOTE(review): unlike the other indicators in this level, syn-rate shows a
! threshold but no score line - confirm whether a default score applies.
indicator syn-rate
zone-threshold 8000
! Catch-all TCP: a single level with three indicators and no HTTP template.
port other tcp
enable-top-k
level 0
zone-escalation-score 10
src-escalation-score 10
indicator concurrent-conns
score 20
src-threshold 10000
indicator conn-miss-rate
score 20
zone-threshold 40000
indicator pkt-drop-ratio
score 20
src-threshold 1000
zone-threshold 20000
! Catch-all UDP: packet-rate indicators only. Level 1 shows neither an
! escalation score nor an indicator score.
port other udp
enable-top-k
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 2000
level 1
indicator pkt-rate
src-threshold 5000
!
! Mail_Server zone: two protected addresses; SMTP (25, 465), POP3 (110, 995)
! and IMAP (143, 993) ports plus catch-all tcp/udp entries.
! NOTE(review): operational-mode is "learning", no ip-proto entries are listed,
! and no glid, level or indicator is attached to any port - the zone shows only
! logging and top-k settings. Confirm whether that is the intended protection.
ddos dst zone Mail_Server
operational-mode learning
ip 113.163.189.244
ip 123.30.75.244
zone-template logging A10_LOGGING_Basic
log enable
port 25 tcp
enable-top-k
port 110 tcp
enable-top-k
port 143 tcp
enable-top-k
port 465 tcp
enable-top-k
port 993 tcp
enable-top-k
port 995 tcp
enable-top-k
port other tcp
enable-top-k
port other udp
enable-top-k
!
! VPN_Server zone: three protected addresses with only catch-all tcp/udp port
! entries.
! NOTE(review): operational-mode is "learning" and no ip-proto entries are
! listed; if the VPN uses protocols other than TCP/UDP, confirm how that
! traffic is handled for these addresses. No glid, level or indicator is
! attached to either port entry.
ddos dst zone VPN_Server
operational-mode learning
ip 183.80.254.94
ip 113.163.189.246
ip 123.30.75.246
zone-template logging A10_LOGGING_Basic
log enable
port other tcp
enable-top-k
port other udp
enable-top-k
!
! DDoS sync, syslog, route-map and sFlow export settings.
ddos sync enable
!
! Syslog at severity "information", sent to 10.0.13.7 over the management port.
! NOTE(review): no transport or TLS option is visible on the logging host line -
! confirm whether logs cross the management network in cleartext and whether
! that network is isolated.
logging syslog information
!
logging host 10.0.13.7 use-mgmt-port
!
! Route-map with a single permit entry and no match/set clauses shown.
route-map A10-SET-NEXT-HOP permit 1
!
! sFlow: counters polled every 15 (unit not shown), local collection disabled.
sflow setting counter-polling-interval 15
sflow setting local-collection disable
!
! Collector on the management host (port 6343) with proprietary polling export.
sflow collector ip 10.0.13.7 6343
use-mgmt-port
customized-setting export
a10-proprietary-polling
!
! Second collector on the loopback address, same port.
sflow collector ip 127.0.0.1 6343
!
! Agent address matches the management interface address (10.0.13.9).
sflow agent address 10.0.13.9
!
sflow polling ddos enable 3_0-compatibility
sflow polling ddos enable-anomaly-stats
!
! SNMP service with all traps enabled and one trap/notification host.
! NOTE(review): the host line uses SNMP v2c with the community string "public".
! v2c carries the community in cleartext and "public" is the widely known
! default value. Prefer SNMPv3 with authentication and privacy, or at minimum a
! unique community string, and keep SNMP reachable only from the management
! network. No use-mgmt-port keyword is shown on this line, unlike the syslog
! and sFlow targets at the same address - confirm which interface carries it.
snmp-server enable service
!
snmp-server enable traps all
!
snmp-server host 10.0.13.7 version v2c public
!
end
!Current config commit point for partition 0 is 0 & config mode is classical-mode
